Sunday 18 March 2018

LinkedIn users told to reset passwords after security breach

James Edgar

MILLIONS of users of the social networking website LinkedIn have been told to reset their passwords after security information was stolen.

The site, which is aimed at professionals and has more than 161 million members in more than 200 countries, was compromised and members' details were posted online.

LinkedIn director Vicente Silveira said: "We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts."

He said the company was investigating the security breach and added that those who were affected would notice their LinkedIn passwords would no longer be valid.

It is thought the passwords of more than 6.5 million people were stolen.

Mr Silveira said: "Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.

"These members will also receive an email from LinkedIn with instructions on how to reset their passwords."

Users were told they should never change their passwords by following a link sent in an email.

"These affected members will receive a second email from our customer support team providing a bit more context on this situation and why they are being asked to change their passwords," Mr Silveira added.

IT security and data protection firm Sophos said the leaked encrypted data does not include associated email addresses but warned that hackers will be working to crack the "unsalted" password hashes and "it is reasonable to assume that such information may be in the hands of the criminals".

Graham Cluley, senior technology consultant at Sophos, said: "It would seem sensible to suggest to all LinkedIn users that they change their passwords as soon as possible as a precautionary step.

"Of course, make sure that the password you use is unique - in other words, not used on any other websites - and that it is hard to crack.

"If you were using the same passwords on other websites, make sure to change them too. And never again use the same password on multiple websites."

Mr Silveira said LinkedIn had recently improved its security, which included the "hashing and salting" of current password databases.

Online dating service eHarmony last night said that a "small fraction" of its users had also been leaked on to the web.

The site, which says it has more than 20 million registered online users, did not say how many had been affected.

But tech news site Ars Technica said it found about 1.5 million passwords leaked online that appeared to be from eHarmony users.

The dating service, a private company based in California, said on its blog that it had reset the passwords of the affected users, who would receive an email with instructions on how to set new passwords.

It recommended all its users adopt "robust" passwords.
